Download the PHP package snowiow/x509ds without Composer
On this page you can find all versions of the php package snowiow/x509ds. It is possible to download/install these versions without Composer. Possible dependencies are resolved automatically.
Informations about the package x509ds
X509DS - Digital Signature generation Library for XML Requests
Introduction
X509DS is a library to help with the tedious process of appending a digital signature node to a X509 authentication request. A X509 request normally looks something like this:
Most of the time you want to append a signature into the header, which hashes and canonizes some of the nodes of the XML document. Ultimatelly the whole signature node woll be signed by private key of your x509 certificate. The resulting XML document would look like this:
The process of creating the signature is rather tedious, because you need to deal with the encryption and openssl on the one hand and with the PHP []DOMDocument](https://secure.php.net/manual/en/dom.setup.php) on the other. This library is there to provide an easy interface for creating digital signatures. The corresponding PHP code for creating a digital signature like in the example before, would look like this:
As you can see the whole process doesn't take more than 4 statements. Of course you can configure different things on how the signature is built. More on this topic in the advanced usage part.
Requirements
- At least PHP 7.1
- dom.so extension enabled in the php.ini (Installation instructions)
- openssl.so extension enabled in the php.ini (Installation instructions)
Installation
Via composer:
composer require snowiow/x509ds
Usage
Create a Signer object:
Either from a private key or pfx.
Private Key
Pfx File
Set the canonization method. DEFAULT: C14N
Set the digest method. DEFAULT: SHA1
Set the signature method. DEFAULT: SHA1
Set a target. DEFAULT: Header
The signature node can be appended to an arbitrary node as a child.
Set the tags. DEFAULT: []
Set the names of the nodes, of which you need digest values in your signature. The method is called setTags, because the nodes will be searched via the DOMDocument method getElementsByTagName
. Additonal methods like getElementsByTagNameNS
and getElementById
will be added in a later version. The tags are required as an array, where the key is the node name and the value is the uri, which will be set as an attribute in the reference node of the digest value.
Set a Security Token Reference Node (Optional)
Sometimes an additional SecurityTokenReference node is needed. The node will be added to the signature and looks like this:
The uri can be configured:
Sign a document
Finally you can sign your XML document. This will return the modified DOMDocument with the signature node:
Get certificate from pfx file
Because a pfx file contains both, the private key and the certificate you can also retrieve the extracted certificate and use it for example to insert it into the BinaraySecurityToken node: